Executive Summary: A cyberattack on banks and broadcasting companies in South Korea occurred when a logic bomb triggered on these companies’ computers and wiped their hard drives. The logic bomb dictated the date and time at which the malware would wipe the hard drives, which was March 20, 2013, at around 2 p.m. After wiping the hard drives, the malware rebooted the computers; because the operating systems had been wiped, the computers asked for a new operating system. The wipe also erased any Linux operating systems that may have been on the computers. The logic bomb was placed on the computers after employees opened a phishing e-mail that appeared to be from a bank; the e-mail carried a downloader, which downloaded the malware and logic bomb.
Analysis: The attack was made possible by the opening of an e-mail that contained a Trojan, which downloaded the malware and logic bomb that wiped the computers’ hard drives. The malware had been on the computers for no more than a day, because the e-mail was sent on March 19, 2013, and the logic bomb went off the next day. Several controls could have helped to prevent this attack. First, the employees should not have opened the attachment that contained the Trojan if they didn’t recognize where the e-mail came from. Second, the employees’ computers could have had a spam filter, so that they would not have received the e-mail in the first place. Third, attachments could have been prevented from downloading automatically, and an antivirus program could have scanned the e-mail. Finally, if the e-mail correspondence was with a bank, the companies could have asked that the e-mails be encrypted for confidentiality, authenticity, and message integrity. These were some of the controls that could have been in place to stop this attack.
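The filtering controls listed above can be combined in one gateway check. The Python below is an added example, not part of the original report: it quarantines a message when the sender is not authenticated or when an attachment looks executable by name or by content. The addresses, file names, extension list and the assumption that the gateway's own mail server writes the Authentication-Results header are all constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed gateway policy: attachment types held back for review.
RISKY_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".lnk", ".hta", ".jar"}

def auth_passed(msg):
    """True only if SPF and DKIM both passed. Assumes the header was written by
    our own MTA and that inbound copies of it are stripped at the border."""
    results = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))
    results = results.lower()
    return "spf=pass" in results and "dkim=pass" in results

def risky_attachments(msg):
    """Names of attachments that look executable by extension or by content."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "<unnamed>").lower()
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        # "MZ" is the Windows executable magic; it catches renamed files.
        if ext in RISKY_EXT or data[:2] == b"MZ":
            hits.append(name)
    return hits

def triage(raw):
    """Return ("quarantine" | "deliver", reasons) for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = [] if auth_passed(msg) else ["sender not authenticated"]
    reasons += [f"risky attachment: {n}" for n in risky_attachments(msg)]
    return ("quarantine" if reasons else "deliver", reasons)

def build_sample(filename, data, auth_results):
    """Constructed test message; every address and name here is made up."""
    m = EmailMessage()
    m["From"] = "notices@bank.example"
    m["To"] = "staff@broadcaster.example"
    m["Subject"] = "Account statement"
    m["Authentication-Results"] = auth_results
    m.set_content("Please see the attached statement.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    spoofed = build_sample("statement.pdf.exe", b"MZ\x90\x00constructed",
                           "mx.broadcaster.example; spf=fail; dkim=none")
    print(triage(spoofed))
```

The content check matters as much as the extension list: a file renamed to `statement.pdf` is still held when its first bytes mark it as a Windows executable.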